EDITIONS

Follow us

Watchdog reports have consistently dinged the State Department for its insufficient cybersecurity protections, and last week a bipartisan group of senators asked Secretary of State Mike Pompeo how the department was responding. | Zach Gibson/Getty Images

State Department email breach exposed employees' personal information

The State Department recently suffered a breach of its unclassified email system, and the compromise exposed the personal information of a small number of employees, according to a notice sent to the agency’s workforce.

State described the incident as “activity of concern … affecting less than 1% of employee inboxes” in a Sept. 7 alert that was shared with POLITICO and confirmed by two U.S. officials.

Story Continued Below

“We have determined that certain employees’ personally identifiable information (PII) may have been exposed,” the alert said. “We have notified those employees.”

The classified email system was not affected, according to the alert, which was marked “Sensitive But Unclassified.”

Watchdog reports have consistently dinged State for its insufficient cybersecurity protections, and last week a bipartisan group of senators asked Secretary of State Mike Pompeo how the department was responding. The secretary has yet to respond to the senators' letter.

The most reliable politics newsletter.

Sign up for POLITICO Playbook and get the latest news, every morning — in your inbox.

Email

By signing up you agree to receive email newsletters or alerts from POLITICO. You can unsubscribe at any time.

Following the email breach, the department convened a task force to examine the incident, according to a U.S. official, who requested anonymity to discuss a security matter.

The State Department confirmed the breach of its cloud-hosted email service in a statement to POLITICO. "This is an ongoing investigation and we are working with partner agencies, as well as the private sector service provider, to conduct a full assessment," spokeswoman Nicole Thompson said in an email.

The sources who spoke to POLITICO did not say whether the department had identified the hackers behind the breach.

The State Department has always been a toptarget for hackers, especially those working for foreign governments. One of the most famous cybersecurity incidents in U.S. government history occurred in late 2014, when the NSA and Russian hackers battled for control of State Department servers.